Authorization header is not sent when we give npm install with verdaccio in npm v6.9.0, but it works with npm v3.10.10

Bug description

npm install is not working for npm v6.9.0 (verdaccio has been hosted as private repository) when the access is changed from $all to particular users in config.yaml

What I Wanted to Do

Install verdaccio packages with restriction (user xxx should have ‘access’, ‘publish’, ‘unpublish’ but yyy should have only ‘access’ but not ‘publish’ or ‘unpublish’)
Note: ‘access’ here means seeing packages in verdaccio UI and installing them using npm install

What Happened Instead

We are getting E401 error saying that token is invalid only in npm v6.9.0 but not in v3.10.10 (verified)

npm WARN @scope/package-name@0.1.7 No repository field.

npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR!     npm login

npm ERR! A complete log of this run can be found in:
npm ERR!     C:\Users\User\AppData\Roaming\npm-cache\_logs\2019-07-09T14_38_41_734Z-debug.log

Reproduction Steps

Steps to reproduce the behavior:

  1. In server: Go to ‘config.yaml’ in verdaccio
  2. In server: Under packages section grant the ‘access’ to one/many users (space separated) instead of $all.
    Something like

        packages:
          '@*/*':
            # scoped packages
            access: xxx yyy
            publish: xxx
            unpublish: xxx
            proxy: npmjs

  3. In server: Optionally enable logs with

        logs:
          # - { type: stdout, format: pretty, level: info, path: verdaccio.log}
          - {type: file, path: verdaccio.log, level: info}

  4. In client: Login with username xxx or yyy. Login is successful

  5. In client: run npm install. The package will not get installed and throws 401

Details

Verdaccio log file difference between npm v6.9.0 and v3.10.10

The left side one with red color is npm v6.9.0 and the right side one with green color is npm v3.10.10

Platform Info

This problem happens only in server (running centos7) whereas when hosted locally (windows os) it works fine.

Maybe this happens only in server which is running centos7 (could be the reason) or verdaccio in external network (possibilities are there). Hope this helps!

$ npm --versions

{ npm: '6.9.0',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.3',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '6.8.275.32-node.51',
  zlib: '1.2.11' }


$ node -p process.platform

linux

This issue got fixed by adding always-auth=true in .npmrc file.
To do so run npm config set always-auth=true from cmd.

Thanks to the community!
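
An added example (not part of the original report, and not npm or verdaccio code): a small Node.js check that reads a client .npmrc and reports whether it holds a credential for the registry and whether always-auth is enabled, the setting that resolved this issue. The registry URL and token are constructed placeholders, the function names are hypothetical, and the parser is a simplified reading of the .npmrc format.

```javascript
// Added example: checks an .npmrc for the two settings this report turned on.
// The registry host and token are constructed placeholders, not from the report.

// Minimal .npmrc reader: key=value lines, '#' and ';' comments, optional quotes.
function parseNpmrc(text) {
  const cfg = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    const key = (eq === -1 ? line : line.slice(0, eq)).trim();
    const val = eq === -1 ? 'true' : line.slice(eq + 1).trim();
    cfg.set(key, val.replace(/^(["'])(.*)\1$/, '$2'));
  }
  return cfg;
}

// Per-registry keys are prefixed with the URL minus its scheme: //host:port/path/
function registryPrefix(registryUrl) {
  const u = new URL('.', registryUrl);
  return `//${u.host}${u.pathname}`;
}

function auditNpmrc(text, registryUrl) {
  const cfg = parseNpmrc(text);
  const prefix = registryPrefix(registryUrl);
  const hasCredential = ['_authToken', '_auth', '_password']
    .some((k) => cfg.has(`${prefix}:${k}`));
  // A per-registry always-auth entry is checked first, then the global one.
  const scoped = cfg.get(`${prefix}:always-auth`);
  const alwaysAuth = (scoped !== undefined ? scoped : cfg.get('always-auth')) === 'true';
  const findings = [];
  if (!hasCredential) findings.push(`no credential for ${prefix}: run npm login`);
  if (!alwaysAuth) findings.push('always-auth is not true: npm config set always-auth=true');
  return { prefix, hasCredential, alwaysAuth, findings };
}

// Constructed samples: the client config before and after the fix from the report.
const REGISTRY = 'http://verdaccio.example.test:4873/';
const BEFORE = [
  `registry=${REGISTRY}`,
  '//verdaccio.example.test:4873/:_authToken="PLACEHOLDER-TOKEN"',
].join('\n');
const AFTER = `${BEFORE}\nalways-auth=true`;

for (const [name, text] of [['before', BEFORE], ['after', AFTER]]) {
  console.log(name, auditNpmrc(text, REGISTRY).findings);
}
```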